Make sure that your external DNS server has the correct TXT records for "Proof" and that you can successfully query the server. To do this, follow these steps:
- Open Exchange Management Shell on the on-premises Exchange server, and then run the following command:
Get-FederatedDomainProof -DomainName contoso.com
- On a computer that uses an external DNS server, run the following command:
Nslookup.exe -querytype=txt <contoso.com>
- Examine the values that are returned in the commands that you ran in steps 1 and 2.
One of the values that's returned by the Nslookup command must match the "Proof of Domain Ownership" value that's returned by the Get-FederatedDomainProof command. If the values do not match, use the result that's returned by the Get-FederatedDomainProof command to update your external DNS server. For more information about how to do this, see Create a TXT Record for Federation.
- Rerun the Hybrid Configuration wizard.
Still need help? Go to Microsoft Community or the Exchange TechNet Forums.
Article ID: 3068837 - Last Review: 21 Dec 2016 - Revision: 1